You are viewing the PKP Support Forum | PKP Home Wiki

LDAP multiauthentication...again



Post by sqro » Mon Jul 15, 2013 4:18 am

My question is somewhat similar to the topic viewtopic.php?f=8&t=1893&p=36385&hilit=ldap+default#p36385

We have an AD server to which I have successfully connected with the LDAP plugin as the authentication source. This AD has to be the authentication source for "internals" from our university, while OJS internal database authentication is intended for external users. This is a typical situation, I guess.

The problem appears with user registration. I set up LDAP as the default authentication source, with user profile synchronization enabled.
During the registration of a new user it really does not matter what password is provided for a user account residing in LDAP. When we provide a username that exists in LDAP, regardless of whether you provide the proper password or not, the account is created in OJS, but the authorization is possible with the proper LDAP password only - the password entry in the database is irrelevant, as I could clear it.

Meanwhile, OJS claims:
Specifying a default authentication source other than OJS has the following effects:
If a user attempts to register a new account with this site with a username that exists on the authentication source (but not in the OJS database), the registration attempt is only allowed if the supplied password is valid for that user account.

I would rather expect an explicit denial of new user creation if the account name is from LDAP and the password is invalid for that account. That would prevent conflicts between usernames, which could appear sooner or later.

Am I doing anything wrong or misunderstanding something?

And anticipating a prospective problem:
How to solve a situation when a new user appears in LDAP with the same account name as one already existing (external) in the OJS database?

Kind regards, and thanks for the really great work with PKP
Przemyslaw Skurowski
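
Added example, not part of the original post and not OJS code: a Python model of the registration rule quoted from the OJS help text above, plus a check for the username collision raised at the end of the post. FakeDirectory, decide_registration, find_collisions and all sample accounts are constructed for illustration; a real deployment would perform an LDAP bind where FakeDirectory.bind compares strings, and case-insensitive username matching is an assumption.

```python
import hmac
from enum import Enum


class Decision(Enum):
    CREATE_LOCAL = "create account in the local database"
    CREATE_LINKED = "create account bound to the directory"
    DENY_TAKEN = "deny: username already registered"
    DENY_BAD_PASSWORD = "deny: username belongs to a directory account"


class FakeDirectory:
    """Constructed in-memory stand-in for the AD/LDAP authentication source."""

    def __init__(self, users):
        self._users = {name.casefold(): pw for name, pw in users.items()}

    def exists(self, username):
        return username.casefold() in self._users

    def bind(self, username, password):
        # Reject empty passwords up front: an LDAP simple bind with an empty
        # password is an unauthenticated bind and many servers report success.
        if not password:
            return False
        stored = self._users.get(username.casefold())
        return stored is not None and hmac.compare_digest(
            stored.encode(), password.encode())


def decide_registration(username, password, local_users, directory):
    """local_users maps username -> 'local' or 'ldap' (its auth source)."""
    taken = {name.casefold() for name in local_users}
    if username.casefold() in taken:
        return Decision.DENY_TAKEN
    if not directory.exists(username):
        return Decision.CREATE_LOCAL
    if directory.bind(username, password):
        return Decision.CREATE_LINKED
    return Decision.DENY_BAD_PASSWORD


def find_collisions(local_users, directory):
    """Local-only accounts whose names have since appeared in the directory."""
    return sorted(name for name, source in local_users.items()
                  if source == "local" and directory.exists(name))


# Constructed sample data: two directory users, two external (local) users.
DIRECTORY = FakeDirectory({"jkowalski": "S3cret-in-AD", "anowak": "Other-pw"})
LOCAL_USERS = {"external1": "local", "anowak": "local"}
```

Running find_collisions periodically over the local user table surfaces the second situation from the post (a directory account appearing later with the name of an existing external user) before that person first tries to log in.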